Books
Background
Computer Security / Internet Security
Top-level Issues
Attacks, services and mechanisms
Security attacks
Security services
Methods of Defense
A model for Internetwork Security
Internet standards and RFCs
BOOKS
Stallings, William, Cryptography & Network Security: Principles & Practices, PHI.
Forouzan, Behrouz A., Cryptography & Network Security, SIE, TMH.
Kahate, Atul, Cryptography & Network Security, TMH.
BACKGROUND
Review of Computer Network
Computer Security
Tool Designed
Protect Data
Thwart Hackers
Security affected by
Distributed System
Uses of Networks
Communication Satellites
Confidentiality
Integrity
Availability
1. Passive Attacks
2. Active Attacks
TYPES OF ATTACK (Contd)
Note:
Passive attacks are very difficult to detect, because
they do not involve any alteration of the data.
Typically, the message traffic is sent and
received in an apparently normal fashion, and neither
the sender nor the receiver is aware that a third party
has read the messages or observed the traffic pattern.
ACTIVE ATTACK
(ii) Active Attack:
It attempts to alter system resources or affect their
operations.
It involves
Modification of data stream
Creation of false stream
Subdivided into four categories
Masquerade
Replay
Modification of message
Denial of Service (DoS)
1. MASQUERADE
Masquerade:
One entity pretends to be a different entity.
The attacker pretends to be an authorized user of a system in
order to gain access to it or to gain greater privileges than they
are authorized for.
Attempted through the use of stolen logon IDs and passwords,
through finding security gaps in programs, or through
bypassing the authentication mechanism.
Weak authentication
e.g. Once the attacker has been authorized for entry, they may have
full access to the organization's critical data, and may be able to
modify and delete software and data, and make changes to network
configuration and routing information.
MASQUERADE (Contd)
Example: IP address masquerade, transit time delay, etc.
On a Linux machine, set the timeout values using the ipfwadm command. The general syntax for this is:
ipfwadm -M -s <tcp> <tcpfin> <udp>
The ipfwadm, ipchains, and iptables commands are used to configure the IP
masquerade rules.
The following ipfwadm commands are all that are required to make
masquerading work:
# ipfwadm -F -p deny
# ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0/0
or with ipchains:
# ipchains -P forward -j deny
# ipchains -A forward -s 192.168.1.0/24 -d 0/0 -j MASQ
or with iptables:
# iptables -t nat -P POSTROUTING DROP
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
MASQUERADE (Contd)
2. REPLAY
Replay:
Capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
A valid data transmission is maliciously or
fraudulently repeated or delayed.
Carried out either by the originator or by an
attacker who intercepts the data and retransmits
it.
e.g. identity passwords or keys, session
tokens, etc.
REPLAY (Contd)
Example.
3. MODIFICATION OF MESSAGE
Modification of message:
Some portion of a message is altered,
or messages are delayed or reordered,
to produce an unauthorized effect.
Example:
Modifying a packet header address
for the purpose of directing it to an unintended destination.
Modifying the user data to change its contents.
Changing or shuffling packet sequence numbers.
MODIFICATION OF MESSAGE(contd.)
4. Denial of Service (DoS)
Prevents the normal use or management of
communication services.
May be a targeted attack on a particular service (an incapacitating
attack).
For example,
a network may be flooded with messages that cause a
degradation of service or possibly a complete collapse if a
server shuts down under abnormal loading.
Another example is rapid and repeated requests to a web
server, which bar legitimate access by others.
Denial-of-service attacks are frequently reported for internet-
connected services.
Denial of Service (DoS) (contd.)
Note: Active Attack
Complete prevention of active attacks is
unrealistic.
A strategy of detection followed by
recovery is more appropriate.
Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
RFC 2828:
a processing or communication service provided by a system
to give a specific kind of protection to system resources
OSI Security Architecture
(X.800 Security for Open Systems Interconnection)
02/06/17 A K Vatsa 45
Average time required for exhaustive
key search